refactor(admin): use named routes for admin index navigation

Replace Referer-based redirects in Admin Index back() and switchUser() with named routes (admin.index and dashboard) for consistent navigation behavior independent of the request header. Add tests verifying back() returns to admin.index, switchUser routes to the dashboard, and the Referer header is no longer consulted.
2026-04-19 11:55:36 +02:00 · 2026-04-19 11:55:36 +02:00 · f77cc91b83
commit f77cc91b83
parent a478ac66eb
2 changed files with 46 additions and 5 deletions
--- a/app/Livewire/Admin/Index.php
+++ b/app/Livewire/Admin/Index.php
@ -37,7 +37,7 @@ public function back()
            Auth::login($user);
            refreshSession($team_to_switch_to);

-            return redirect(request()->header('Referer'));
+            return redirect()->route('admin.index');
        }
    }

@ -70,7 +70,7 @@ public function switchUser(int $user_id)
        Auth::login($user);
        refreshSession($team_to_switch_to);

-        return redirect(request()->header('Referer'));
+        return redirect()->route('dashboard');
    }

    private function authorizeAdminAccess(): void
--- a/tests/Feature/AdminAccessAuthorizationTest.php
+++ b/tests/Feature/AdminAccessAuthorizationTest.php
@ -1,6 +1,7 @@
 <?php

 use App\Livewire\Admin\Index as AdminIndex;
+use App\Models\InstanceSettings;
 use App\Models\Team;
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@ -70,9 +71,9 @@
 test('switchUser requires root user id 0', function () {
    config()->set('constants.coolify.self_hosted', false);

-    $rootTeam = Team::find(0) ?? Team::factory()->create(['id' => 0]);
+    InstanceSettings::unguarded(fn () => InstanceSettings::query()->create(['id' => 0]));
    $rootUser = User::factory()->create(['id' => 0]);
-    $rootTeam->members()->attach($rootUser->id, ['role' => 'admin']);
+    $rootTeam = Team::find(0);

    $targetUser = User::factory()->create();
    $targetTeam = Team::factory()->create();
@ -84,7 +85,47 @@
    Livewire::test(AdminIndex::class)
        ->assertOk()
        ->call('switchUser', $targetUser->id)
-        ->assertRedirect();
+        ->assertRedirect(route('dashboard'));
+});
+
+test('back() redirects impersonator to admin index and clears session', function () {
+    config()->set('constants.coolify.self_hosted', false);
+
+    InstanceSettings::unguarded(fn () => InstanceSettings::query()->create(['id' => 0]));
+    $rootUser = User::factory()->create(['id' => 0]);
+    $rootTeam = Team::find(0);
+
+    $this->actingAs($rootUser);
+    session([
+        'currentTeam' => ['id' => $rootTeam->id],
+        'impersonating' => true,
+    ]);
+
+    Livewire::test(AdminIndex::class)
+        ->call('back')
+        ->assertRedirect(route('admin.index'));
+
+    expect(session('impersonating'))->toBeNull();
+});
+
+test('switchUser ignores Referer header and uses dashboard route', function () {
+    config()->set('constants.coolify.self_hosted', false);
+
+    InstanceSettings::unguarded(fn () => InstanceSettings::query()->create(['id' => 0]));
+    $rootUser = User::factory()->create(['id' => 0]);
+    $rootTeam = Team::find(0);
+
+    $targetUser = User::factory()->create();
+    $targetTeam = Team::factory()->create();
+    $targetTeam->members()->attach($targetUser->id, ['role' => 'admin']);
+
+    $this->actingAs($rootUser);
+    session(['currentTeam' => ['id' => $rootTeam->id]]);
+
+    Livewire::withHeaders(['Referer' => 'https://example.com/elsewhere'])
+        ->test(AdminIndex::class)
+        ->call('switchUser', $targetUser->id)
+        ->assertRedirect(route('dashboard'));
 });

 test('switchUser rejects non-root user', function () {